Data Protection
We need to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.
Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.
All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.
To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not leave messages with others.
You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.
Back Scanning of Paper GP Records
Information Governance
What is happening and how is my data being used?
Laurencekirk Medical Practice are back scanning all GP paper records including the Lloyd George Wallets (LGW) to store them in a digital format.
Personal data and Special categories of personal data
All paper records and LGWs, which contain your personal data and the health data recorded in your GP records, will be scanned.
This will include, but is not limited to, your full name, DOB, CHI, address, previous addresses and names, contact details such as telephone numbers and email addresses, NOK & emergency contact name(s) and contact details, details of your family along with potentially family history, social history, health information, imaging and photography, and any other data received from other organisations such as NHS Boards, private healthcare, local authority, other health organisations or voluntary organisations.
Data controller
Fiona Jamieson, Practice Manager, is the data controller for the data to be digitised.
The scanning of your paper health records will be undertaken by a company called NEC Software Solutions UK Limited (NEC).
NEC are providing a complete end-to-end solution with records being digitised and automatically filed within the GP Practice’s Docman application by suppliers Microtech.
NEC are also supported by other organisations they have contracted with to deliver the end-to-end solution. They use Freight-port as their couriers for transportation of the records from the GP practice to NEC, and they use Shred-it for the secure destruction of the patient records after they have been scanned and the Practice has instructed NEC to destroy the physical records.
The Practice have signed an Agreement with NEC setting out instructions and standards on how your information is processed by them and their sub-processors.
Personal data for which the Practice is data controller is retained in the same way as the other medical information we hold about you. Please see our full privacy notice for more information.
NHS Inform also provides information on how NHS Scotland uses and retains your data; please see the link below:
A specific Information Sharing Agreement has been put in place to document the sharing of personal data by the participating health organisations, including GP Practices. This is supported by a high-level Agreement known as the Intra NHS Scotland Information Sharing Accord (2020), which enables participating health organisations to share your personal data for specific purposes.
Lawful processing
We assert that it is lawful for us to process your personal data in this way as:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
We assert that it is lawful for us to process special categories of your personal data in this way as:
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards … ;
AND
DPA 2018 Schedule 1 Condition:
2(1) Health & Social Care Purposes
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is necessary for the establishment, exercise or defence of legal claims.
- processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
Your rights
We respect your rights and preferences in relation to your data. If you wish to update, access, erase, limit, or complain about the use of your information, please let us know by emailing gram.laurencekirkadministrator@nhs.scot in the first instance and we will consider your questions. You may also wish to contact the Health Board under which your care is being delivered or the Information Commissioner’s Office.